Data Security
Protecting sensitive health data is our #1 priority
InformedDNA is committed to providing the highest level of privacy and security to everyone who entrusts sensitive data and health information to our care. Whether it is genetic data, personal and family medical history, or claims and financial data, trust is paramount.
Our philosophy is rooted in an unwavering commitment to data privacy that applies to both individuals and organizations, and in going above and beyond to protect, secure and act in the best interest of everyone we serve.
Our commitment to trust is guided by the following principles related to privacy:
Customer-Centric
Customers — whether they are the patients themselves, health plans, health systems or other organizations — are at the forefront of our operations. This type of approach to data privacy and security means prioritizing the protection and privacy of customer data above all else while also ensuring that customers have a positive experience with us. Some examples of what that looks like in action include:
- Clear rules and controls over data collection and storage to match customer preferences for sharing sensitive information, such as secure portal, mail, fax or over the phone.
- Clear communication channels for clients to contact us with any security concerns or questions, as well as dedicated resources to promptly respond.
- Consent forms that require patient signatures and approval before anything happens, such as a counseling appointment, or including additional participants in appointments or records requests. The patient has the power.
Responsibility
Protecting data is the responsibility of every employee, business partner, third-party vendor and any other business entity connected to InformedDNA.
- Key responsibilities have been assigned to specific people in the organization to be accountable for ensuring compliance.
- Regular training is mandated for every employee to complete, and all employees are randomly tested on knowledge and readiness to handle or look for cyber threats, such as Phishing scams.
- Third-Party Partnerships are held to the same level of data security standards. We perform security due diligence and independent assessments with potential partners and vendors, as well as implement SOPs that cover privacy and security nuances for every relationship.
Security
Robust security measures and procedures are in place to protect data, providing clients and stakeholders a high level of confidence that their information is secure, which include but are not limited to:
- Data protection & privacy via encryption, masking, etc
- Stringent access controls, e.g. multi-factor authorization
- Independent Security Assessment and Testing
- Threat and Vulnerability Management
- Continuous monitoring and adaptation in the face of new challenges
We adhere to all relevant data protection regulations and industry standards, such as HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), PCI and HITECH. We are committed to meeting and exceeding these requirements and show adherence to these controls by gaining certifications from independent, third-party assessments.
Transparency
InformedDNA is committed to being transparent about its data security practices and is accountable for any breaches or incidents that may occur. Our clear privacy policy that outlines how data is collected, used, and shared can be accessed by anyone on our company website, found here. In the event of a security incident, our commitment to a vigilant and transparent response is unwavering. While we have maintained a strong security record since our inception, we recognize the dynamic nature of cybersecurity and remain dedicated to continuous improvement.
